Appl. No. 09/666,377 

Amdt. Dated April 23, 2007 

Reply to Notice to Correct Application Papers 

Replacement Sheet Fig. 10 




AUTHENTICATION DATA FLOW

SEND | RECEIVE | SSL | ACTION
USER | VENDOR | 1/2 | TRANSACTION OCCURS, SUCH AS SELECTING PURCHASE
VENDOR | USER | 1/2 | TRANSMIT TRANSACTION ID (TID) AND AUTHENTICATION REQUEST (AR)
- | - | - | AUTHENTICATION DATA (B') IS GATHERED FROM USER
USER | TE | 1/2 | TRANSMIT TID AND B' WRAPPED IN THE PUBLIC KEY OF THE AUTHENTICATION ENGINE (AE), AS (PUB_AE(TID, B'))
TE | AE | FULL | FORWARD TRANSMISSION
- | - | - | ENROLLMENT AUTHENTICATION DATA (B) IS REQUESTED AND
VENDOR | TRANSACTION ENGINE (TE) | FULL | TRANSMITS TID, AR
TE | MASS STORAGE (MS) | FULL | CREATE RECORD IN DATABASE
TE | THE Xth DEPOSITORY (DX) | FULL | UID, TID
DX | AE | FULL | TRANSMIT THE TID AND THE PORTION OF THE AUTHENTICATION DATA STORED AT ENROLLMENT (BX) AS (PUB_AE(TID, BX))
- | - | - | AE ASSEMBLES B AND COMPARES TO B'
AE | TE | FULL | TID, THE FILLED IN AR
TE | VENDOR | FULL | TID, YES/NO
TE | USER | 1/2 | TID, CONFIRMATION MESSAGE




Replacement Sheet Fig. 11

SIGNING DATA FLOW

SEND | RECEIVE | SSL | ACTION
USER | VENDOR | 1/2 | TRANSACTION OCCURS, SUCH AS AGREEING ON A DEAL
VENDOR | USER | 1/2 | TRANSMIT TRANSACTION IDENTIFICATION NUMBER (TID), AUTHENTICATION REQUEST (AR), AND AGREEMENT OR MESSAGE (M)
- | - | - | CURRENT AUTHENTICATION DATA (B') AND A HASH OF THE MESSAGE RECEIVED BY THE USER (h(M')) IS GATHERED FROM USER
USER | TE | 1/2 | TRANSMIT TID, B', AR, AND h(M') WRAPPED IN THE PUBLIC KEY OF THE AUTHENTICATION ENGINE (AE) AS (PUB_AE(TID, B', h(M')))
TE | AE | FULL | FORWARD TRANSMISSION
- | - | - | GATHER ENROLLMENT AUTHENTICATION DATA
VENDOR | TRANSACTION ENGINE (TE) | FULL | TRANSMITS UID, TID, AR, AND A HASH OF THE MESSAGE (h(M)).
TE | MASS STORAGE (MS) | FULL | CREATE RECORD IN DATABASE
TE | THE Xth DEPOSITORY (DX) | FULL | UID, TID
DX | AE | FULL | TRANSMIT THE TID AND THE PORTION OF THE AUTHENTICATION DATA STORED AT ENROLLMENT (BX), AS (PUB_AE(TID, BX))
- | - | - | THE ORIGINAL VENDOR MESSAGE IS TRANSMITTED TO THE AE
TE | AE | FULL | TRANSMIT h(M)
- | - | - | AE ASSEMBLES B, COMPARES TO B', AND COMPARES h(M) TO h(M')
AE | CRYPTOGRAPHIC ENGINE (CE) | FULL | REQUEST FOR DIGITAL SIGNATURE AND A MESSAGE TO BE SIGNED, FOR EXAMPLE, THE HASHED MESSAGE
AE | DX | FULL | TID, SIGNING UID
DX | CE | FULL | TRANSMIT THE PORTION OF THE CRYPTOGRAPHIC KEY CORRESPONDING TO THE SIGNING PARTY
- | - | - | CE ASSEMBLES KEY AND SIGNS
CE | AE | FULL | TRANSMIT THE DIGITAL SIGNATURE (S) OF SIGNING PARTY
AE | TE | FULL | TID, THE FILLED IN AR, h(M), AND S
TE | VENDOR | FULL | TID, A RECEIPT=(TID, YES/NO, AND S), AND THE DIGITAL SIGNATURE OF THE TRUST ENGINE, FOR EXAMPLE, A HASH OF THE RECEIPT ENCRYPTED WITH THE TRUST ENGINE'S PRIVATE KEY (Priv_TE(h(RECEIPT)))
TE | USER | 1/2 | TID, CONFIRMATION MESSAGE




Replacement Sheet Fig. 12 



ENCRYPTION/DECRYPTION DATA FLOW

DECRYPTION

SEND | RECEIVE | SSL | ACTION
- | - | - | PERFORM AUTHENTICATION DATA PROCESS 1000, INCLUDE THE SESSION KEY (SYNC) IN THE AR, WHERE THE SYNC HAS BEEN ENCRYPTED WITH THE PUBLIC KEY OF THE USER AS PUB_USER(SYNC)
- | - | - | AUTHENTICATE THE USER
AE | CE | FULL | FORWARD PUB_USER(SYNC) TO CE
AE | DX | FULL | UID, TID
DX | CE | FULL | TRANSMIT THE TID AND THE PORTION OF THE PRIVATE KEY AS (PUB_AE(TID, KEY_USER))
- | - | - | CE ASSEMBLES THE CRYPTOGRAPHIC KEY AND DECRYPTS THE SYNC
CE | AE | FULL | TID, THE FILLED IN AR INCLUDING DECRYPTED SYNC
AE | TE | FULL | FORWARD TO TE
TE | REQUESTING APP/VENDOR | 1/2 | TID, YES/NO, SYNC

ENCRYPTION

SEND | RECEIVE | SSL | ACTION
REQUESTING APP/VENDOR | TE | 1/2 | REQUEST FOR PUBLIC KEY OF USER
TE | MS | FULL | REQUEST DIGITAL CERTIFICATE
MS | TE | FULL | TRANSMIT DIGITAL CERTIFICATE
TE | REQUESTING APP/VENDOR | 1/2 | TRANSMIT DIGITAL CERTIFICATE



